browsersvc_tmc[.]exe

Resubmissions

23/07/2024, 20:15

240723-y1r5sawdjm 5

23/07/2024, 20:13

240723-yzvjhsyfqa 5

23/07/2024, 20:01

240723-yrkz4svelm 5

Sharing

Copy URL Twitter E-mail

General

Target

browsersvc_tmc.exe
Size

8.7MB
MD5

7ad5a6cf450a40506803dd924acb605d
SHA1

7101d2ca28e48ca203d6337396ec6b902650d61b
SHA256

0e79cb06580725f3db215e4fdadab3363cfec1cd4cc522c42797998a93044f88
SHA512

cc3f8d3429af26644764f8ca146f6f241062b7fa18c2ec7f59ed73c3e54b3485d87999ae2b2765003b61da90003abc898594dc2e49d469118c529e56013aee2d
SSDEEP

196608:13i6G3yr6M+G2r6LKVJiy4d6UteCLjtKR6p4AAnfns:RitNrVP7iAfns

Score

1^/10

Malware Config

Signatures

Files

browsersvc_tmc.exe
.exe windows:5 windows x86 arch:x86

2ed96fa9b3e9ad43d81d60a80ea45af2

Code Sign

4f:58:fc:05:42:6c:c4:b6:5d:bc:0c:2c:2e:3a:f3:04
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/07/2019, 00:00

Not After

15/08/2021, 23:59

Subject

CN=GRETECH CORPORATION,OU=GRETECH CORPORATION,O=GRETECH CORPORATION,L=Shinjuku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:c6:8a:7b:62:dd:6a:67:41:ed:fd:bb:80:ba:d3:ff:98:30:0e:3b:36:ab:4c:3e:14:78:de:6d:26:1a:92:cb
Signer

Actual PE Digest

15:c6:8a:7b:62:dd:6a:67:41:ed:fd:bb:80:ba:d3:ff:98:30:0e:3b:36:ab:4c:3e:14:78:de:6d:26:1a:92:cb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\GOMAudio\project\bin\pdb\GOMAU.pdb

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

powrprof

SetSuspendState

kernel32

GetCurrentThread
GetVersion
LocalAlloc
GetPrivateProfileSectionNamesW
CompareStringW
IsDBCSLeadByteEx
GetNumberFormatW
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
lstrcpynA
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
SetThreadPriority
lstrcatW
RemoveDirectoryW
CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjects
lstrcmpiW
LoadLibraryExW
WinExec
GetLogicalDrives
GetLocalTime
HeapAlloc
HeapFree
GetProcessHeap
GetWindowsDirectoryW
GetVersionExA
CreateFileA
SetEndOfFile
GetFileAttributesA
GetACP
IsDBCSLeadByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
IsBadStringPtrW
IsBadReadPtr
GetSystemInfo
InterlockedExchange
InterlockedExchangeAdd
DeleteTimerQueueEx
GetCPInfo
FlushFileBuffers
GetStdHandle
GetFileType
FindFirstFileA
FindNextFileA
GetDriveTypeA
CreateDirectoryA
SetFileAttributesA
GetDiskFreeSpaceA
GetModuleHandleA
LocalFileTimeToFileTime
MoveFileA
VerifyVersionInfoW
GetCurrentProcessId
LoadLibraryExA
DeviceIoControl
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
OutputDebugStringW
VirtualFree
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
MoveFileExW
AreFileApisANSI
HeapSize
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ResumeThread
GetFileAttributesExW
HeapReAlloc
ExitThread
RtlUnwind
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
GetExitCodeThread
DuplicateHandle
GetTempPathW
SetFilePointer
GetVolumeInformationW
GetLongPathNameW
Sleep
SetFileAttributesW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
CloseHandle
WriteFile
GetCurrentDirectoryW
GetCommandLineW
InitializeSListHead
GetFileInformationByHandle
WaitForSingleObjectEx
lstrlenW
GetDriveTypeW
WideCharToMultiByte
SystemTimeToFileTime
CopyFileW
FormatMessageW
LocalFree
SizeofResource
GetProcAddress
FreeResource
FreeLibrary
GetNativeSystemInfo
GetVersionExW
GetSystemTime
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
FindNextFileW
FindFirstFileW
FindClose
GetSystemDefaultLangID
SetFileTime
GetFileTime
GetFileAttributesW
ReadFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateThread
GetDiskFreeSpaceExW
FindResourceW
lstrcmpW
MulDiv
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
LockResource
LoadResource
GetModuleFileNameW
GetModuleHandleW
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
IsDebuggerPresent
SetLastError
SetDllDirectoryW
LoadLibraryW
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VerSetConditionMask
lstrcpyW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
QueryDepthSList
UnregisterWaitEx
CreateFileW
CreateDirectoryW
VirtualAlloc
MultiByteToWideChar
WriteConsoleW
CreateProcessA
SetEnvironmentVariableA

user32

EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
GetSystemMenu
GetMenuStringW
TranslateAcceleratorW
LoadAcceleratorsW
IsMenu
PostQuitMessage
GetSubMenu
GetMenuItemCount
AppendMenuW
ModifyMenuW
RemoveMenu
UnregisterClassW
PostMessageW
DefWindowProcW
RegisterClassW
GetClassInfoW
CreateWindowExW
IsWindow
SetWindowPos
SetFocus
UpdateWindow
DeleteMenu
GetClientRect
GetWindowRect
LoadCursorW
RegisterWindowMessageW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
ShowWindow
TrackPopupMenu
InsertMenuItemW
GetCursor
CheckMenuRadioItem
LoadBitmapW
WindowFromPoint
GetCursorInfo
RegisterHotKey
UnregisterHotKey
SetWindowRgn
InflateRect
CharUpperW
CharToOemBuffA
OemToCharBuffA
CharUpperA
OemToCharA
CharLowerA
GetTopWindow
LoadCursorFromFileW
CreateIconFromResource
LookupIconIdFromDirectory
SetParent
GetClassLongW
SetClassLongW
IsRectEmpty
SystemParametersInfoA
GetSystemMetrics
RemovePropW
SetPropW
GetPropW
GetSysColorBrush
SetLastErrorEx
AnimateWindow
AdjustWindowRectEx
ShowScrollBar
GetComboBoxInfo
GetWindowDC
DrawIcon
DrawIconEx
CharToOemA
LoadMenuW
MonitorFromPoint
SetWindowTextW
SendMessageTimeoutW
ExitWindowsEx
UnionRect
SetRectEmpty
GetCursorPos
PostThreadMessageW
wvsprintfW
SendDlgItemMessageW
SystemParametersInfoW
DestroyIcon
EnumWindows
EqualRect
CopyRect
SetForegroundWindow
GetForegroundWindow
IsClipboardFormatAvailable
GetClipboardData
BringWindowToTop
GetWindowPlacement
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
UnhookWindowsHookEx
FindWindowExW
IntersectRect
SetActiveWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CallNextHookEx
SetWindowsHookExW
GetDlgItemTextA
SetDlgItemTextA
CreateDialogIndirectParamW
FindWindowW
RegisterWindowMessageA
wsprintfW
LoadStringW
LoadIconW
IsIconic
IsWindowVisible
UpdateLayeredWindow
SetLayeredWindowAttributes
SetCapture
ReleaseCapture
BeginPaint
EndPaint
InvalidateRect
RedrawWindow
SetCursor
SetRect
PtInRect
GetWindowLongW
SetWindowLongW
SendMessageW
IsChild
DestroyWindow
MoveWindow
DialogBoxIndirectParamW
EndDialog
GetDlgItem
CharNextW
GetActiveWindow
GetFocus
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowContextHelpId
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
MapDialogRect
SetDlgItemInt
GetDlgItemInt
GetMessageW
SetDlgItemTextW
EnableWindow
MessageBoxW
SendMessageA
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
GetDlgCtrlID
GetKeyState
SetTimer
KillTimer
IsWindowEnabled
DrawTextW
MapWindowPoints
OffsetRect
CopyIcon
DestroyCursor
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
EnumChildWindows
LoadImageW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCreateKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueW
LookupPrivilegeValueA
SetFileSecurityW
SetFileSecurityA
AdjustTokenPrivileges
RegCloseKey

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoFreeLibrary
CoLoadLibrary
OleSetContainedObject
OleCreate
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoGetObject
CoCreateGuid
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree

shell32

SHCreateDirectoryExW
SHAppBarMessage
DragFinish
DragQueryPoint
Shell_NotifyIconW
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VarBstrCmp
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
AssocQueryStringW

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreatePen
Rectangle
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetTextExtentPointW
GetTextExtentPoint32W
SetBkColor
GetTextMetricsW
CreateCompatibleDC
GetClipBox
CreateFontW
RestoreDC
SaveDC
StretchBlt
Polygon
SetStretchBltMode
EnumFontFamiliesExW
GetStretchBltMode
CreateRectRgn
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
CreateEllipticRgn
CreateRoundRectRgn
OffsetRgn
CreatePatternBrush
StretchDIBits
GetObjectA
ExtTextOutW
BitBlt
CreateCompatibleBitmap

urlmon

UrlMkGetSessionOption
CreateURLMonikerEx
CreateAsyncBindCtx
RegisterBindStatusCallback
IsAsyncMoniker
UrlMkSetSessionOption

winmm

mciSendCommandW
timeKillEvent
timeSetEvent
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetID
mixerGetLineInfoW
waveOutGetNumDevs
mixerClose
mixerOpen
mixerGetDevCapsW
mixerGetNumDevs

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipGetTextRenderingHint
GdipGetFontHeight
GdipCreateRegion
GdipSetStringFormatLineAlign
GdipFillRectangle
GdipGetLogFontW
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatFlags
GdipDrawLineI
GdipGetClip
GdipCombineRegionRectI
GdipSetEmpty
GdiplusStartup
GdipDrawRectangleI
GdipGetImageRawFormat
GdipCreatePen1
GdipImageRotateFlip
GdipCreateBitmapFromResource
GdipSetClipRegion
GdipBitmapLockBits
GdipGetPropertySize
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipBitmapGetPixel
GdipCreateImageAttributes
GdipCombineRegionRegion
GdipGetRegionHRgn
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipSetPixelOffsetMode
GdipReleaseDC
GdipSetClipRectI
GdipFillRegion
GdipGraphicsClear
GdipSetInterpolationMode
GdipGetAllPropertyItems
GdipCreateBitmapFromFile
GdipGetImageEncodersSize
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateRegionRectI
GdipDrawImageRectI
GdipDrawImageI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCloneBitmapAreaI
GdipDeletePen
GdiplusShutdown
GdipMeasureString
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureCharacterRanges
GdipResetClip
GdipCreateRegionRect
GdipDeleteRegion

iphlpapi

GetAdaptersInfo

wininet

InternetSetCookieW
InternetGetCookieW
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpEndRequestW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetWriteFile
InternetConnectW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

ws2_32

inet_addr
gethostbyaddr
gethostbyname
__WSAFDIsSet
closesocket
connect
htons
recv
select
send
shutdown
WSAGetLastError
WSAStartup
WSACleanup
ioctlsocket
socket

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

msimg32

AlphaBlend
TransparentBlt

comctl32

ImageList_Add
_TrackMouseEvent
ImageList_Remove
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_AddMasked

imm32

ImmGetContext
ImmSetConversionStatus
ImmReleaseContext

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_G
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2ed96fa9b3e9ad43d81d60a80ea45af2

Code Sign

4f:58:fc:05:42:6c:c4:b6:5d:bc:0c:2c:2e:3a:f3:04Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

15:c6:8a:7b:62:dd:6a:67:41:ed:fd:bb:80:ba:d3:ff:98:30:0e:3b:36:ab:4c:3e:14:78:de:6d:26:1a:92:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

comdlg32

powrprof

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

urlmon

winmm

gdiplus

iphlpapi

wininet

wintrust

crypt32

ws2_32

wtsapi32

msimg32

comctl32

imm32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 650KB - Virtual size: 650KB

.data Size: 72KB - Virtual size: 175KB

Shared_G Size: 512B - Virtual size: 12B

.rsrc Size: 4.8MB - Virtual size: 4.8MB

4f:58:fc:05:42:6c:c4:b6:5d:bc:0c:2c:2e:3a:f3:04
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

15:c6:8a:7b:62:dd:6a:67:41:ed:fd:bb:80:ba:d3:ff:98:30:0e:3b:36:ab:4c:3e:14:78:de:6d:26:1a:92:cb
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 650KB - Virtual size: 650KB

.data
Size: 72KB - Virtual size: 175KB

Shared_G
Size: 512B - Virtual size: 12B

.rsrc
Size: 4.8MB - Virtual size: 4.8MB